Acl accounting – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual

Multi-Service IronWare Security Configuration Guide

53-1003035-02

ACL accounting

Multi-Service devices monitor the number of times an ACL is used to filter incoming or outgoing
traffic on an interface. The show ipv6 access-list accounting command displays the number of
“hits”, that is, how many times ACL filters permitted or denied packets that matched the
conditions of the filters.

NOTE

ACL accounting does not tabulate or display the number of implicit denials by an ACL.

Counters, stored in hardware, keep track of the number of times an ACL filter is used.

The counters that are displayed on the ACL accounting report are:

1s – Number of hits during the last second. This counter is updated every second.

1m – Number of hits during the last minute. This counter is updated every minute.

5m – Number of hits during the last five minutes. This counter is updated every five minutes.

ac – Accumulated total number of hits. This counter begins when an ACL is bound to an
interface, is updated every minute, and keeps accumulating until it is cleared. For example,
an ACL bound to a port receives 10 hits per second and continues to receive 10 hits per
second. After one minute, the accumulated total is 600 hits. After 10 minutes, it is 6000 hits.

The counters can be cleared when the device is rebooted, when an ACL is bound to or unbound
from an interface, or by entering a clear ipv6 access-list command.
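
The counter behaviour above matters when the accumulated (ac) value is polled for monitoring: it refreshes only once a minute and drops back when it is cleared. The Python sketch below is an added example, not part of the Brocade guide; the sample pairs are constructed, and how the ac value is collected from the device is assumed to happen elsewhere.

```python
# Added example (not from the Brocade guide): hit rates from polled "ac" values.
from dataclasses import dataclass

AC_UPDATE_SECONDS = 60  # per the guide, the accumulated total updates every minute

@dataclass
class Interval:
    start: int      # time of the baseline sample (seconds)
    end: int        # time of the current sample (seconds)
    hits: int       # hits counted in the interval (lower bound if reset)
    reset: bool     # True if the counter was cleared inside the interval
    rate: float     # average hits per second

def ac_intervals(samples):
    """samples: time-ordered (seconds, ac_value) pairs for one ACL filter."""
    out = []
    prev_t, prev_v = samples[0]
    for t, v in samples[1:]:
        if t - prev_t < AC_UPDATE_SECONDS:
            continue  # ac may not have refreshed yet; keep the older baseline
        # A smaller value means a reboot, bind/unbind or clear zeroed the counter.
        reset = v < prev_v
        hits = v if reset else v - prev_v
        out.append(Interval(prev_t, t, hits, reset, hits / (t - prev_t)))
        prev_t, prev_v = t, v
    return out

def exceeding(intervals, max_rate):
    """Intervals whose average rate is above max_rate hits per second."""
    return [i for i in intervals if i.rate > max_rate]

# Constructed samples: 10 hits/s as in the guide's example (600 after one
# minute, 6000 after ten), an early poll, a clear, then a burst.
SAMPLES = [(0, 0), (60, 600), (600, 6000), (630, 6000), (660, 120), (720, 30120)]

if __name__ == "__main__":
    for iv in ac_intervals(SAMPLES):
        note = " (counter cleared, lower bound)" if iv.reset else ""
        print(f"{iv.start:>4}-{iv.end:<4} {iv.hits:>6} hits {iv.rate:8.1f}/s{note}")
    print("over 100/s:", [(i.start, i.end) for i in exceeding(ac_intervals(SAMPLES), 100)])
```

A clear followed by enough traffic to pass the previous value looks like normal growth to this check, so clears are best logged separately. Implicit denials never appear in these counters, so a quiet deny filter does not mean nothing was dropped.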

Enabling and disabling ACL accounting on Brocade NetIron XMR and
Brocade MLX series devices

ACL accounting is disabled by default on Brocade NetIron XMR and Brocade MLX series devices. To
enable ACL accounting, enter the following command in global configuration mode:

Brocade(config)# enable-acl-counter

Syntax: [no] enable-acl-counter

NOTE

Enabling or disabling ACL accounting affects the gathering of statistics from all ACL types (Layer-2,
IPv4 and IPv6).

NOTE

The enable-acl-counter command is not supported on Brocade NetIron CES and Brocade NetIron
CER devices.

ACL accounting on Brocade NetIron CES 2000 and Brocade NetIron
CER 2000 devices

The following special considerations affect how IPv6 Layer 4 ACL accounting is configured on the
Brocade NetIron CES 2000 and Brocade NetIron CER 2000 devices: